38d3f45c15d354a76eaa73d2da717165dee22b8207fa87088685486019ff482d

Sharing

Copy URL

Twitter E-mail

General

Target

38d3f45c15d354a76eaa73d2da717165dee22b8207fa87088685486019ff482d
Size

1.8MB
MD5

954e5bfc83812346d1cd11a59f7d205d
SHA1

179dd32769c491758ff2e418c9b20efc94af5725
SHA256

38d3f45c15d354a76eaa73d2da717165dee22b8207fa87088685486019ff482d
SHA512

1d9eb7e3548e9082cccff9823ef7c205d9f161e35b66be22cc9737cfbf013781e56647fb54941945614310ba91f44904fe3341d03cb39779bbc41a1951503feb
SSDEEP

49152:mshUlx6PWNfwfFtSYlvenkSH9J/Djs6IIIIIIIR:rUloaUtSAvgNH9JXjIIIIIIIR

Score

N/A

Malware Config

Signatures

Files

38d3f45c15d354a76eaa73d2da717165dee22b8207fa87088685486019ff482d
.exe windows x86

a314129caa9b6c3c93932426e910ef61

Code Sign

4e:1b:b8:9b:4a:d3:27:ad:44:05:73:2e:db:ea:43:2b
Certificate

Issuer

CN=MEBMNGZERZZKXJBREZ

Not Before

08-07-2019 11:15

Not After

31-12-2039 23:59

Subject

CN=MEBMNGZERZZKXJBREZ

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a3:0d:e6:31:5a:ec:1a:26:24:7a:e3:6f:c1:13:3d:a9:22:04:6c:a2
Signer

Actual PE Digest

a3:0d:e6:31:5a:ec:1a:26:24:7a:e3:6f:c1:13:3d:a9:22:04:6c:a2

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=MEBMNGZERZZKXJBREZ

18-07-2019 11:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetNumberFormatW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProfileIntA
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetVersionExA
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
OpenFileMappingW
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
ReadFile
RtlUnwind
SetDefaultCommConfigW
GetLocaleInfoA
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetLocalTime
SetStdHandle
SetThreadAffinityMask
SetThreadIdealProcessor
SetUnhandledExceptionFilter
Sleep
SleepEx
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualFree
VirtualProtectEx
WTSGetActiveConsoleSessionId
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
lstrcmpiA
lstrcpynA
lstrlenW
GetModuleHandleW
GetLocalTime
GetLastError
GetFileType
GetFileSize
GetFileAttributesW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetConsoleAliasA
GetCommandLineA
GetCPInfo
GetBinaryTypeA
GetACP
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
FatalAppExitA
ExpandEnvironmentStringsA
ExitProcess
EnumResourceLanguagesW
EnterCriticalSection
DnsHostnameToComputerNameW
DnsHostnameToComputerNameA
DisconnectNamedPipe
DeviceIoControl
DeleteCriticalSection
CreateThread
CreateNamedPipeA
CreateFileW
CreateFileMappingA
CreateFileA
CreateEventA
ConvertDefaultLocale
ConnectNamedPipe
CompareStringW
CompareStringA
CloseHandle
CancelIo
GetModuleHandleA
SetErrorMode
SetEnvironmentVariableA
VirtualAlloc

user32

IsDlgButtonChecked
IsCharAlphaNumericW
InternalGetWindowText
GetWindowModuleFileNameA
GetMonitorInfoW
GetKeyState
ExitWindowsEx
EnumPropsExA
EndPaint
DrawTextW
DlgDirSelectExW
DdeUninitialize
CreateWindowExW
MapWindowPoints
CloseWindowStation
BeginPaint
LoadIconA
CharUpperW
GetClipboardSequenceNumber
CopyIcon
CreatePopupMenu
GetMessageTime
GetActiveWindow
GetParent
GetMenuCheckMarkDimensions
GetSystemMetrics
CharNextA
RegisterClassExA
SetLayeredWindowAttributes
TrackPopupMenu
wsprintfA
CreateCursor
LoadCursorFromFileW
GetMenuItemCount
GetTopWindow
GetDialogBaseUnits
InSendMessage
GetKBCodePage
GetMessagePos
GetKeyboardLayout
ShowCaret
CharLowerA
GetClipboardViewer

gdi32

TranslateCharsetInfo
SetDIBitsToDevice
Rectangle
RectInRegion
PlayEnhMetaFileRecord
PATHOBJ_vGetBounds
ModifyWorldTransform
HT_Get8BPPMaskPalette
GetColorSpace
CreateHalftonePalette
RealizePalette
DeleteColorSpace
WidenPath
EndPath
FillPath
FlattenPath
GetTextAlign
EngTextOut
GdiDllInitialize
GdiSetPixelFormat
GetTextExtentExPointA
GetCharacterPlacementW

advapi32

RegQueryValueExA
StartServiceCtrlDispatcherA
SetTokenInformation
SetServiceStatus
SetSecurityDescriptorDacl
SetNamedSecurityInfoA
RegisterServiceCtrlHandlerA
RegisterEventSourceA
RegOpenKeyExA
RegCloseKey
OpenServiceA
OpenSCManagerA
OpenProcessToken
LookupPrivilegeValueA
InitializeSecurityDescriptor
DuplicateTokenEx
DeregisterEventSource
DeleteService
CreateServiceA
CreateProcessAsUserA
CloseServiceHandle
AdjustTokenPrivileges
RegOpenKeyExW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
SHPathPrepareForWriteA
SHPathPrepareForWriteW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a314129caa9b6c3c93932426e910ef61

Code Sign

4e:1b:b8:9b:4a:d3:27:ad:44:05:73:2e:db:ea:43:2bCertificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

a3:0d:e6:31:5a:ec:1a:26:24:7a:e3:6f:c1:13:3d:a9:22:04:6c:a2Signer

Signature Validations

Verification

18-07-2019 11:37 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 5KB - Virtual size: 5KB

4e:1b:b8:9b:4a:d3:27:ad:44:05:73:2e:db:ea:43:2b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

a3:0d:e6:31:5a:ec:1a:26:24:7a:e3:6f:c1:13:3d:a9:22:04:6c:a2
Signer

18-07-2019 11:37
Valid: false

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 5KB - Virtual size: 5KB